Configuring source ip address verification – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 385
364
For a client using an IPv4 address, the AP can obtain the IP address assigned to the client in the DHCPv4
packets exchanged between the DHCP server and the client, and bind the IP address with the MAC
address of the client.
For a client using an IPv6 address, the AP can generate binding entries in either of the following ways:
•
DHCPv6—The AP obtains the complete IPv6 address assigned to the client in the DHCPv6 packets
exchanged between the DHCP server and the client, and binds the IPv6 address with the MAC
address of the client. If the AP obtains the IPv6 address prefix assigned to the client, it cannot
generate a proper binding entry.
•
ND (Neighbor Discovery)—The AP obtains the IPv6 address in the router advertisement packets
exchanged between the router and the client, and binds the IPv6 address with the MAC address of
the client.
After source IP address verification is enabled, the AP looks up the binding entries for received packets.
If the source MAC address and the source IP address of a packet match a binding entry, the AP forwards
the packets. Otherwise, the AP discards it.
shows how source IP address verification works.
Figure 346 Source IP address verification process
NOTE:
•
For more information about DHCP, see "DHCP overview."
•
For more information about DHCPv6, see Layer 3 Configuration Guide.
•
For more information about ND, see Layer 3 Configuration Guide.
Configuring source IP address verification
1.
Select Wireless Service > Access Service from the navigation tree.
2.
Click the
icon for the target wireless service in the list.